Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Project: EmployeeManagementSystem

Dependency | CPE | GAV | Highest Severity | CVE Count | CPE Confidence | Evidence Count
antlr-2.7.7.jar |  | antlr:antlr:2.7.7 |  | 0 |  | 12
aopalliance-1.0.jar |  | aopalliance:aopalliance:1.0 |  | 0 |  | 10
cglib-nodep-2.1_3.jar |  | cglib:cglib-nodep:2.1_3 |  | 0 |  | 9
guava-15.0.jar |  | com.google.guava:guava:15.0 |  | 0 |  | 18
commons-codec-1.9.jar |  | commons-codec:commons-codec:1.9 |  | 0 |  | 28
commons-collections-3.2.1.jar | cpe:/a:apache:commons_collections:3.2.1 | commons-collections:commons-collections:3.2.1 | High | 1 | HIGHEST | 25
commons-io-2.4.jar |  | commons-io:commons-io:2.4 |  | 0 |  | 26
commons-logging-1.1.3.jar |  | commons-logging:commons-logging:1.1.3 |  | 0 |  | 26
dom4j-1.6.1.jar |  | dom4j:dom4j:1.6.1 |  | 0 |  | 16
netty-3.5.2.Final.jar |  | io.netty:netty:3.5.2.Final |  | 0 |  | 17
javax.servlet-api-3.0.1.jar |  | javax.servlet:javax.servlet-api:3.0.1 |  | 0 |  | 25
jsp-api-2.1.jar |  | javax.servlet.jsp:jsp-api:2.1 |  | 0 |  | 14
jstl-api-1.2.jar |  | javax.servlet.jsp.jstl:jstl-api:1.2 |  | 0 |  | 12
jstl-1.2.jar |  | javax.servlet:jstl:1.2 |  | 0 |  | 18
servlet-api-2.5.jar |  | javax.servlet:servlet-api:2.5 |  | 0 |  | 13
log4j-1.2.17.jar | cpe:/a:apache:log4j:1.2.17 | log4j:log4j:1.2.17 |  | 0 | LOW | 16
mx4j-tools-3.0.1.jar |  | mx4j:mx4j-tools:3.0.1 |  | 0 |  | 11
mysql-connector-java-5.1.18.jar | cpe:/a:mysql:mysql:5.1.18 | mysql:mysql-connector-java:5.1.18 | High | 101 | HIGHEST | 12
jna-3.4.0.jar |  | net.java.dev.jna:jna:3.4.0 |  | 0 |  | 11
jna-3.4.0.jar: jnidispatch.dll |  |  |  | 0 |  | 1
jna-3.4.0.jar: jnidispatch.dll |  |  |  | 0 |  | 1
jna-3.4.0.jar: jnidispatch.dll |  |  |  | 0 |  | 1
platform-3.4.0.jar |  | net.java.dev.jna:platform:3.4.0 |  | 0 |  | 12
jcip-annotations-1.0.jar |  | net.jcip:jcip-annotations:1.0 |  | 0 |  | 9
cssparser-0.9.13.jar |  | net.sourceforge.cssparser:cssparser:0.9.13 |  | 0 |  | 11
htmlunit-core-js-2.14.jar |  | net.sourceforge.htmlunit:htmlunit-core-js:2.14 |  | 0 |  | 11
htmlunit-2.14.jar |  | net.sourceforge.htmlunit:htmlunit:2.14 |  | 0 |  | 18
nekohtml-1.9.20.jar |  | net.sourceforge.nekohtml:nekohtml:1.9.20 |  | 0 |  | 9
commons-dbcp2-2.0.jar |  | org.apache.commons:commons-dbcp2:2.0 |  | 0 |  | 26
commons-exec-1.1.jar |  | org.apache.commons:commons-exec:1.1 |  | 0 |  | 25
commons-lang3-3.2.1.jar |  | org.apache.commons:commons-lang3:3.2.1 |  | 0 |  | 26
commons-pool2-2.2.jar |  | org.apache.commons:commons-pool2:2.2 |  | 0 |  | 26
httpclient-4.3.2.jar | cpe:/a:apache:httpclient:4.3.2 | org.apache.httpcomponents:httpclient:4.3.2 | Medium | 2 | HIGHEST | 22
httpcore-4.3.1.jar |  | org.apache.httpcomponents:httpcore:4.3.1 |  | 0 |  | 21
httpmime-4.3.2.jar |  | org.apache.httpcomponents:httpmime:4.3.2 |  | 0 |  | 21
bcpkix-jdk15on-1.48.jar |  | org.bouncycastle:bcpkix-jdk15on:1.48 |  | 0 |  | 28
bcprov-jdk15on-1.48.jar | cpe:/a:bouncycastle:bouncy-castle-crypto-package:1.48, cpe:/a:bouncycastle:bouncy_castle_crypto_package:1.48 | org.bouncycastle:bcprov-jdk15on:1.48 | Medium | 1 | LOW | 25
jetty-io-8.1.14.v20131031.jar | cpe:/a:eclipse:jetty:8.1.14.v20131031, cpe:/a:jetty:jetty:8.1.14.v20131031 | org.eclipse.jetty:jetty-io:8.1.14.v20131031 | Medium | 1 | LOW | 22
hibernate-commons-annotations-4.0.1.Final.jar |  | org.hibernate.common:hibernate-commons-annotations:4.0.1.Final |  | 0 |  | 18
hibernate-core-4.1.7.Final.jar |  | org.hibernate:hibernate-core:4.1.7.Final |  | 0 |  | 14
hibernate-entitymanager-4.1.7.Final.jar |  | org.hibernate:hibernate-entitymanager:4.1.7.Final |  | 0 |  | 14
hibernate-jpa-2.0-api-1.0.1.Final.jar |  | org.hibernate.javax.persistence:hibernate-jpa-2.0-api:1.0.1.Final |  | 0 |  | 16
javassist-3.15.0-GA.jar |  | org.javassist:javassist:3.15.0-GA |  | 0 |  | 13
jboss-logging-3.1.0.GA.jar |  | org.jboss.logging:jboss-logging:3.1.0.GA |  | 0 |  | 25
jboss-transaction-api_1.1_spec-1.0.0.Final.jar |  | org.jboss.spec.javax.transaction:jboss-transaction-api_1.1_spec:1.0.0.Final |  | 0 |  | 19
json-20080701.jar |  | org.json:json:20080701 |  | 0 |  | 11
servlet-api-2.5-6.1.9.jar | cpe:/a:mortbay_jetty:jetty:6.1.9 | org.mortbay.jetty:servlet-api-2.5:6.1.9 |  | 0 | LOW | 21
jetty-repacked-7.6.1.jar | cpe:/a:jetty:jetty:7.6.1 |  |  | 0 | LOW | 7
jetty-repacked-7.6.1.jar\META-INF/maven/org.eclipse.jetty/jetty-io/pom.xml | cpe:/a:eclipse:jetty:7.6.1.v20120215, cpe:/a:jetty:jetty:7.6.1.v20120215 | org.eclipse.jetty:jetty-io:7.6.1.v20120215 | Medium | 1 | LOW | 6
selenium-api-2.42.2.jar |  | org.seleniumhq.selenium:selenium-api:2.42.2 |  | 0 |  | 11
selenium-chrome-driver-2.42.2.jar |  | org.seleniumhq.selenium:selenium-chrome-driver:2.42.2 |  | 0 |  | 12
selenium-firefox-driver-2.42.2.jar |  | org.seleniumhq.selenium:selenium-firefox-driver:2.42.2 |  | 0 |  | 12
selenium-htmlunit-driver-2.42.2.jar |  | org.seleniumhq.selenium:selenium-htmlunit-driver:2.42.2 |  | 0 |  | 12
selenium-ie-driver-2.42.2.jar |  | org.seleniumhq.selenium:selenium-ie-driver:2.42.2 |  | 0 |  | 12
selenium-java-2.42.2.jar |  | org.seleniumhq.selenium:selenium-java:2.42.2 |  | 0 |  | 13
selenium-remote-driver-2.42.2.jar |  | org.seleniumhq.selenium:selenium-remote-driver:2.42.2 |  | 0 |  | 12
selenium-safari-driver-2.42.2.jar |  | org.seleniumhq.selenium:selenium-safari-driver:2.42.2 |  | 0 |  | 12
selenium-server-2.42.2.jar | cpe:/a:jetty:jetty:2.42.2 | org.seleniumhq.selenium:selenium-server:2.42.2 |  | 0 | LOW | 13
selenium-server-2.42.2.jar: readystate.jar |  |  |  | 0 |  | 1
selenium-server-2.42.2.jar: hudsuckr.exe |  |  |  | 0 |  | 1
selenium-support-2.42.2.jar |  | org.seleniumhq.selenium:selenium-support:2.42.2 |  | 0 |  | 12
jcl-over-slf4j-1.7.5.jar |  | org.slf4j:jcl-over-slf4j:1.7.5 |  | 0 |  | 18
slf4j-api-1.7.5.jar |  | org.slf4j:slf4j-api:1.7.5 |  | 0 |  | 18
slf4j-log4j12-1.7.5.jar |  | org.slf4j:slf4j-log4j12:1.7.5 |  | 0 |  | 18
spring-aop-4.0.6.RELEASE.jar |  | org.springframework:spring-aop:4.0.6.RELEASE |  | 0 |  | 14
spring-beans-4.0.6.RELEASE.jar |  | org.springframework:spring-beans:4.0.6.RELEASE |  | 0 |  | 13
spring-context-4.0.6.RELEASE.jar | cpe:/a:context_project:context:4.0.6 | org.springframework:spring-context:4.0.6.RELEASE |  | 0 | LOW | 13
spring-core-4.0.6.RELEASE.jar | cpe:/a:pivotal:spring_framework:4.0.6, cpe:/a:springsource:spring_framework:4.0.6, cpe:/a:vmware:springsource_spring_framework:4.0.6 | org.springframework:spring-core:4.0.6.RELEASE |  | 0 | LOW | 19
spring-expression-4.0.6.RELEASE.jar |  | org.springframework:spring-expression:4.0.6.RELEASE |  | 0 |  | 14
spring-jdbc-4.0.6.RELEASE.jar |  | org.springframework:spring-jdbc:4.0.6.RELEASE |  | 0 |  | 13
spring-orm-4.0.6.RELEASE.jar |  | org.springframework:spring-orm:4.0.6.RELEASE |  | 0 |  | 13
spring-tx-4.0.6.RELEASE.jar |  | org.springframework:spring-tx:4.0.6.RELEASE |  | 0 |  | 14
spring-web-4.0.6.RELEASE.jar |  | org.springframework:spring-web:4.0.6.RELEASE |  | 0 |  | 14
spring-webmvc-4.0.6.RELEASE.jar |  | org.springframework:spring-webmvc:4.0.6.RELEASE |  | 0 |  | 14
sac-1.3.jar |  | org.w3c.css:sac:1.3 |  | 0 |  | 13
webbit-0.4.14.jar |  | org.webbitserver:webbit:0.4.14 |  | 0 |  | 10
snakeyaml-1.8.jar |  | org.yaml:snakeyaml:1.8 |  | 0 |  | 12
serializer-2.7.1.jar |  | xalan:serializer:2.7.1 |  | 0 |  | 13
xalan-2.7.1.jar | cpe:/a:apache:xalan-java:2.7.1 | xalan:xalan:2.7.1 | High | 1 | HIGHEST | 23
xercesImpl-2.11.0.jar |  | xerces:xercesImpl:2.11.0 |  | 0 |  | 24
xml-apis-1.4.01.jar |  | xml-apis:xml-apis:1.4.01 |  | 0 |  | 15

Dependencies

antlr-2.7.7.jar

Description:  A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.

License:

BSD License: http://www.antlr.org/license.html
File Path: C:\Users\manjushrig\.m2\repository\antlr\antlr\2.7.7\antlr-2.7.7.jar
MD5: f8f1352c52a4c6a500b597596501fc64
SHA1: 83cd2cd674a217ade95a4bb83a8a14f351f48bd0
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: antlr:antlr:2.7.7   Confidence:HIGH

aopalliance-1.0.jar

Description: AOP Alliance

License:

Public Domain
File Path: C:\Users\manjushrig\.m2\repository\aopalliance\aopalliance\1.0\aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: aopalliance:aopalliance:1.0   Confidence:HIGH

cglib-nodep-2.1_3.jar

File Path: C:\Users\manjushrig\.m2\repository\cglib\cglib-nodep\2.1_3\cglib-nodep-2.1_3.jar
MD5: db0e461169599af137eb24478c5292ce
SHA1: 58d3be5953547c0019e5704d6ed4ffda3b0c7c66
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: cglib:cglib-nodep:2.1_3   Confidence:HIGH

guava-15.0.jar

Description:  Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Guava has two code dependencies - javax.annotation per the JSR-305 spec and javax.inject per the JSR-330 spec.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\com\google\guava\guava\15.0\guava-15.0.jar
MD5: 2c10bb2ca3ac8b55b0e77e54a7eb3744
SHA1: ed727a8d9f247e2050281cb083f1c77b09dcb5cd
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: com.google.guava:guava:15.0   Confidence:HIGH

commons-codec-1.9.jar

Description:  The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\commons-codec\commons-codec\1.9\commons-codec-1.9.jar
MD5: 75615356605c8128013da9e3ac62a249
SHA1: 9ce04e34240f674bc72680f8b843b1457383161a
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: commons-codec:commons-codec:1.9   Confidence:HIGH

commons-collections-3.2.1.jar

Description: Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\commons-collections\commons-collections\3.2.1\commons-collections-3.2.1.jar
MD5: 13bc641afd7fd95e09b260f69c1e4c91
SHA1: 761ea405b9b37ced573d2df0d1e3a4e0f9edc668
Referenced In Project: EmployeeManagementSystem

Identifiers

CVE-2015-6420  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data

Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

commons-io-2.4.jar

Description:  The Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\commons-io\commons-io\2.4\commons-io-2.4.jar
MD5: 7f97854dc04c119d461fed14f5d8bb96
SHA1: b1b6ea3b7e4aa4f492509a4952029cd8e48019ad
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: commons-io:commons-io:2.4   Confidence:HIGH

commons-logging-1.1.3.jar

Description: Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\commons-logging\commons-logging\1.1.3\commons-logging-1.1.3.jar
MD5: 92eb5aabc1b47287de53d45c086a435c
SHA1: f6f66e966c70a83ffbdb6f17a0919eaf7c8aca7f
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: commons-logging:commons-logging:1.1.3   Confidence:HIGH

dom4j-1.6.1.jar

Description: dom4j: the flexible XML framework for Java

File Path: C:\Users\manjushrig\.m2\repository\dom4j\dom4j\1.6.1\dom4j-1.6.1.jar
MD5: 4d8f51d3fe3900efc6e395be48030d6d
SHA1: 5d3ccc056b6f056dbf0dddfdf43894b9065a8f94
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: dom4j:dom4j:1.6.1   Confidence:HIGH

netty-3.5.2.Final.jar

Description:  The Netty project is an effort to provide an asynchronous event-driven network application framework and tools for rapid development of maintainable high performance and high scalability protocol servers and clients. In other words, Netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. It greatly simplifies and streamlines network programming such as TCP and UDP socket server.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\manjushrig\.m2\repository\io\netty\netty\3.5.2.Final\netty-3.5.2.Final.jar
MD5: 2d75cefef03243943a3673d452b57f1f
SHA1: e6fb74a0699abe108969b2ec1f269391169a0426
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: io.netty:netty:3.5.2.Final   Confidence:HIGH

javax.servlet-api-3.0.1.jar

Description: Java.net - The Source for Java Technology Collaboration

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: C:\Users\manjushrig\.m2\repository\javax\servlet\javax.servlet-api\3.0.1\javax.servlet-api-3.0.1.jar
MD5: 3ef236ac4c24850cd54abff60be25f35
SHA1: 6bf0ebb7efd993e222fc1112377b5e92a13b38dd
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: javax.servlet:javax.servlet-api:3.0.1   Confidence:HIGH

jsp-api-2.1.jar

File Path: C:\Users\manjushrig\.m2\repository\javax\servlet\jsp\jsp-api\2.1\jsp-api-2.1.jar
MD5: b8a34113a3a1ce29c8c60d7141f5a704
SHA1: 63f943103f250ef1f3a4d5e94d145a0f961f5316
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: javax.servlet.jsp:jsp-api:2.1   Confidence:HIGH

jstl-api-1.2.jar

File Path: C:\Users\manjushrig\.m2\repository\javax\servlet\jsp\jstl\jstl-api\1.2\jstl-api-1.2.jar
MD5: 7fe4f9829d305ef5b257bfc52e0e97db
SHA1: f9a034c1ca1f79c03bb461805a688f944544d138
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: javax.servlet.jsp.jstl:jstl-api:1.2   Confidence:HIGH

jstl-1.2.jar

File Path: C:\Users\manjushrig\.m2\repository\javax\servlet\jstl\1.2\jstl-1.2.jar
MD5: 51e15f798e69358cb893e38c50596b9b
SHA1: 74aca283cd4f4b4f3e425f5820cda58f44409547
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: javax.servlet:jstl:1.2   Confidence:HIGH

servlet-api-2.5.jar

File Path: C:\Users\manjushrig\.m2\repository\javax\servlet\servlet-api\2.5\servlet-api-2.5.jar
MD5: 69ca51af4e9a67a1027a7f95b52c3e8f
SHA1: 5959582d97d8b61f4d154ca9e495aafd16726e34
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: javax.servlet:servlet-api:2.5   Confidence:HIGH

log4j-1.2.17.jar

Description: Apache Log4j 1.2

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\log4j\log4j\1.2.17\log4j-1.2.17.jar
MD5: 04a41f0a068986f0f73485cf507c0f40
SHA1: 5af35056b4d257e4b64b9e8069c0746e8b08629f
Referenced In Project: EmployeeManagementSystem

Identifiers

  • cpe: cpe:/a:apache:log4j:1.2.17   Confidence:LOW   
  • maven: log4j:log4j:1.2.17   Confidence:HIGH

mx4j-tools-3.0.1.jar

File Path: C:\Users\manjushrig\.m2\repository\mx4j\mx4j-tools\3.0.1\mx4j-tools-3.0.1.jar
MD5: 5f345ad6d9caf2d074df1c7dba35c6c6
SHA1: df853af9fe34d4eb6f849a1b5936fddfcbe67751
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: mx4j:mx4j-tools:3.0.1   Confidence:HIGH

mysql-connector-java-5.1.18.jar

Description: Artifactory auto generated POM

File Path: C:\Users\manjushrig\.m2\repository\mysql\mysql-connector-java\5.1.18\mysql-connector-java-5.1.18.jar
MD5: 78467fb2adf7f02bcfbff3ad022bc4e9
SHA1: 85dfedad243dc0303ad7ae3a323c39421d220690
Referenced In Project: EmployeeManagementSystem

Identifiers

  • cpe: cpe:/a:mysql:mysql:5.1.18   Confidence:HIGHEST   
  • maven: mysql:mysql-connector-java:5.1.18   Confidence:HIGH

CVE-2015-2575  

Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)

Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J.

CVE-2014-0437  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

CVE-2014-0412  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

CVE-2014-0402  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.

CVE-2014-0401  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.

CVE-2014-0393  

Severity: Low
CVSS Score: 3.3 (AV:N/AC:L/Au:M/C:N/I:P/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.

CVE-2014-0386  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

CVE-2013-5908  

Severity: Low
CVSS Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.

CVE-2013-3808  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.

CVE-2013-3804  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVE-2013-3802  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.

CVE-2013-2392  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVE-2013-2391  

Severity: Low
CVSS Score: 3.0 (AV:L/AC:M/Au:S/C:P/I:P/A:N)

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.

CVE-2013-2389  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

CVE-2013-2378  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.

CVE-2013-1555  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition.

CVE-2013-1552  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

CVE-2013-1548  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.

CVE-2013-1521  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking.

CVE-2013-1506  

Severity: Low
CVSS Score: 2.8 (AV:N/AC:M/Au:M/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.

CVE-2013-1492  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553.

CVE-2013-0389  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVE-2013-0385  

Severity: Medium
CVSS Score: 6.6 (AV:L/AC:L/Au:N/C:C/I:C/A:N)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.

CVE-2013-0384  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.

CVE-2013-0383  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.

CVE-2013-0375  

Severity: Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.

CVE-2012-5627  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-255 Credentials Management

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.

CVE-2012-5060  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension.

CVE-2012-3197  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.

CVE-2012-3180  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVE-2012-3177  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server.

CVE-2012-3173  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.

CVE-2012-3167  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.

CVE-2012-3166  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

CVE-2012-3163  

Severity: High
CVSS Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.

CVE-2012-3160  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.

CVE-2012-3158  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol.

CVE-2012-3150  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVE-2012-2749  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service (mysqld crash) via vectors related to incorrect calculation and a sort order index.

CVE-2012-2102  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.

CVE-2012-1734  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVE-2012-1705  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVE-2012-1703  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1690.

CVE-2012-1702  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.

CVE-2012-1697  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.

CVE-2012-1696  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions:

CVE-2012-1690  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1703.

Vulnerable Software & Versions:

CVE-2012-1689  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Vulnerable Software & Versions:

CVE-2012-1688  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML.

Vulnerable Software & Versions:

CVE-2012-0882  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.

Vulnerable Software & Versions:

CVE-2012-0583  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.

Vulnerable Software & Versions:

CVE-2012-0574  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.

Vulnerable Software & Versions:

CVE-2012-0572  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

Vulnerable Software & Versions:

CVE-2012-0553  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492.

Vulnerable Software & Versions:

CVE-2012-0540  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension.

Vulnerable Software & Versions:

CVE-2012-0492  

Severity: Low
CVSS Score: 2.1 (AV:N/AC:H/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.

Vulnerable Software & Versions:

CVE-2012-0490  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.

Vulnerable Software & Versions:

CVE-2012-0485  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.

Vulnerable Software & Versions:

CVE-2012-0484  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.

Vulnerable Software & Versions:

CVE-2012-0120  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.

Vulnerable Software & Versions:

CVE-2012-0119  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.

Vulnerable Software & Versions:

CVE-2012-0118  

Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.

Vulnerable Software & Versions:

CVE-2012-0116  

Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

Vulnerable Software & Versions:

CVE-2012-0115  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.

Vulnerable Software & Versions:

CVE-2012-0114  

Severity: Low
CVSS Score: 3.0 (AV:L/AC:M/Au:S/C:P/I:P/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.

Vulnerable Software & Versions:

CVE-2012-0113  

Severity: Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:P/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.

Vulnerable Software & Versions:

CVE-2012-0112  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.

Vulnerable Software & Versions:

CVE-2012-0102  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0101.

Vulnerable Software & Versions:

CVE-2012-0101  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102.

Vulnerable Software & Versions:

CVE-2012-0087  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102.

Vulnerable Software & Versions:

CVE-2012-0075  

Severity: Low
CVSS Score: 1.7 (AV:N/AC:H/Au:M/C:N/I:P/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.

Vulnerable Software & Versions:

CVE-2011-2262  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.

Vulnerable Software & Versions:

CVE-2010-3840  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.

Vulnerable Software & Versions:

CVE-2010-3839  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements.

Vulnerable Software & Versions:

CVE-2010-3838  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table."

Vulnerable Software & Versions:

CVE-2010-3837  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.

Vulnerable Software & Versions:

CVE-2010-3836  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.

Vulnerable Software & Versions:

CVE-2010-3835  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-189 Numeric Errors

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.

Vulnerable Software & Versions:

CVE-2010-3834  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments."

Vulnerable Software & Versions:

CVE-2010-3833  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT."

Vulnerable Software & Versions:

CVE-2010-3683  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request.

Vulnerable Software & Versions:

CVE-2010-3682  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.

Vulnerable Software & Versions:

CVE-2010-3681  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure.

Vulnerable Software & Versions:

CVE-2010-3680  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.

Vulnerable Software & Versions:

CVE-2010-3679  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.

Vulnerable Software & Versions:

CVE-2010-3678  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.

Vulnerable Software & Versions:

CVE-2010-3677  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.

Vulnerable Software & Versions:

CVE-2010-3676  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement.

Vulnerable Software & Versions:

CVE-2010-2008  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.

Vulnerable Software & Versions:

CVE-2010-1626  

Severity: Low
CVSS Score: 3.6 (AV:L/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')

MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.

Vulnerable Software & Versions:

CVE-2010-1621  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command.

Vulnerable Software & Versions:

CVE-2009-5026  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments.

Vulnerable Software & Versions:

CVE-2009-4030  

Severity: Medium
CVSS Score: 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')

MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.

Vulnerable Software & Versions:

CVE-2009-4028  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation

The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.

Vulnerable Software & Versions:

CVE-2009-4019  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.

Vulnerable Software & Versions:

CVE-2009-0819  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.

Vulnerable Software & Versions:

CVE-2008-7247  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')

sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink.

Vulnerable Software & Versions:

CVE-2008-3963  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-134 Uncontrolled Format String

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.

Vulnerable Software & Versions:

CVE-2008-2079  

Severity: Medium
CVSS Score: 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.

Vulnerable Software & Versions:

CVE-2008-0226  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

Vulnerable Software & Versions:

CVE-2007-5925  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.

Vulnerable Software & Versions:

jna-3.4.0.jar

Description: Java Native Access

License:

LGPL, version 2.1: http://creativecommons.org/licenses/LGPL/2.1/
File Path: C:\Users\manjushrig\.m2\repository\net\java\dev\jna\jna\3.4.0\jna-3.4.0.jar
MD5: 52b0d8408b694de10ce93c85514aaa10
SHA1: 803ff252fedbd395baffd43b37341dc4a150a554
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: net.java.dev.jna:jna:3.4.0   Confidence:HIGH

jna-3.4.0.jar: jnidispatch.dll

File Path: C:\Users\manjushrig\.m2\repository\net\java\dev\jna\jna\3.4.0\jna-3.4.0.jar\com\sun\jna\w32ce-arm\jnidispatch.dll
MD5: f9761a775488b6128b46314574b59906
SHA1: de3b707726ebc4496e55509d1ceba8bcf6ad5b9c

Identifiers

  • None

jna-3.4.0.jar: jnidispatch.dll

File Path: C:\Users\manjushrig\.m2\repository\net\java\dev\jna\jna\3.4.0\jna-3.4.0.jar\com\sun\jna\win32-amd64\jnidispatch.dll
MD5: 715c98aa5955e7e07fb99d87f522e73a
SHA1: 0981d98dd34df47cd4bb915e5d20b5750eb33ef2

Identifiers

  • None

jna-3.4.0.jar: jnidispatch.dll

File Path: C:\Users\manjushrig\.m2\repository\net\java\dev\jna\jna\3.4.0\jna-3.4.0.jar\com\sun\jna\win32-x86\jnidispatch.dll
MD5: 50754352847b5e71e11abf4d30407148
SHA1: bb2fe694c6d7bca89fd431c0984c832ed35a4f0e

Identifiers

  • None

platform-3.4.0.jar

Description: Java Native Access Platform

License:

LGPL, version 2.1: http://creativecommons.org/licenses/LGPL/2.1/
File Path: C:\Users\manjushrig\.m2\repository\net\java\dev\jna\platform\3.4.0\platform-3.4.0.jar
MD5: c5057d6dc3a531708e4a91249fadda3f
SHA1: e3f70017be8100d3d6923f50b3d2ee17714e9c13
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: net.java.dev.jna:platform:3.4.0   Confidence:HIGH

jcip-annotations-1.0.jar

File Path: C:\Users\manjushrig\.m2\repository\net\jcip\jcip-annotations\1.0\jcip-annotations-1.0.jar
MD5: 9d5272954896c5a5d234f66b7372b17a
SHA1: afba4942caaeaf46aab0b976afd57cc7c181467e
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: net.jcip:jcip-annotations:1.0   Confidence:HIGH

cssparser-0.9.13.jar

Description: A CSS parser which implements SAC (the Simple API for CSS).

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl.txt
File Path: C:\Users\manjushrig\.m2\repository\net\sourceforge\cssparser\cssparser\0.9.13\cssparser-0.9.13.jar
MD5: a18c4c4436a43c8fb798e04bc8f1bdf0
SHA1: be59b8e492327e69ef1571266f1a34d83d7b2417
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: net.sourceforge.cssparser:cssparser:0.9.13   Confidence:HIGH

htmlunit-core-js-2.14.jar

Description:  HtmlUnit adaptation of Mozilla Rhino Javascript engine for Java. Changes are documented by a diff (rhinoDiff.txt) contained in the generated jar files.

License:

Mozilla Public License version 2.0: http://www.mozilla.org/MPL/2.0/
File Path: C:\Users\manjushrig\.m2\repository\net\sourceforge\htmlunit\htmlunit-core-js\2.14\htmlunit-core-js-2.14.jar
MD5: 4720d3564da1c9ce62ecfb89626a1bff
SHA1: 77e78f065dc90726226c47ccd1b6babc4687c18b
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: net.sourceforge.htmlunit:htmlunit-core-js:2.14   Confidence:HIGH

htmlunit-2.14.jar

Description: A headless browser intended for use in testing web-based applications.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\net\sourceforge\htmlunit\htmlunit\2.14\htmlunit-2.14.jar
MD5: 0ec62e86cb52258861617d8c1ee3dc77
SHA1: 182c75720d34b71bb5726d498d91b854627c5a90
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: net.sourceforge.htmlunit:htmlunit:2.14   Confidence:HIGH

nekohtml-1.9.20.jar

Description: An HTML parser and tag balancer.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\net\sourceforge\nekohtml\nekohtml\1.9.20\nekohtml-1.9.20.jar
MD5: 29955bb122cf6f3981e2c6d3a0aaa6f9
SHA1: f7c918a3548dd81a15aab0619809b59f9bf4e931
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: net.sourceforge.nekohtml:nekohtml:1.9.20   Confidence:HIGH

commons-dbcp2-2.0.jar

Description: Apache Commons DBCP software implements Database Connection Pooling

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\org\apache\commons\commons-dbcp2\2.0\commons-dbcp2-2.0.jar
MD5: 0febf5be9590197c865bcea5836ad645
SHA1: 49129daea0bf54feef21e6aa2e51b2ead8863261
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.apache.commons:commons-dbcp2:2.0   Confidence:HIGH

commons-exec-1.1.jar

Description: A library to reliably execute external processes from within the JVM

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\org\apache\commons\commons-exec\1.1\commons-exec-1.1.jar
MD5: 74ec90baf201f7dea71272f09cac30bd
SHA1: 07dfdf16fade726000564386825ed6d911a44ba1
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.apache.commons:commons-exec:1.1   Confidence:HIGH

commons-lang3-3.2.1.jar

Description:  Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\org\apache\commons\commons-lang3\3.2.1\commons-lang3-3.2.1.jar
MD5: 7fc4221e7e3a05d8052d3fbb34fb0a5a
SHA1: 66f13681add50ca9e4546ffabafaaac7645db3cf
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.apache.commons:commons-lang3:3.2.1   Confidence:HIGH

commons-pool2-2.2.jar

Description: Apache Commons Object Pooling Library

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\org\apache\commons\commons-pool2\2.2\commons-pool2-2.2.jar
MD5: 51b56c92883812c56fbeb339866ce2df
SHA1: bd1a6e384f3cf0f9b9a60e1e6c1c1ecbbee7e0b7
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.apache.commons:commons-pool2:2.2   Confidence:HIGH

httpclient-4.3.2.jar

Description:  HttpComponents Client

File Path: C:\Users\manjushrig\.m2\repository\org\apache\httpcomponents\httpclient\4.3.2\httpclient-4.3.2.jar
MD5: f5c0380ed42ed76100fb16434f3a1d35
SHA1: 10a45d03873baa34436ae54548d9f1140d4bb68a
Referenced In Project: EmployeeManagementSystem

Identifiers

CVE-2015-5262  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.

Vulnerable Software & Versions:

CVE-2014-3577  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.

Vulnerable Software & Versions:

httpcore-4.3.1.jar

Description:  HttpComponents Core (blocking I/O)

File Path: C:\Users\manjushrig\.m2\repository\org\apache\httpcomponents\httpcore\4.3.1\httpcore-4.3.1.jar
MD5: 26c92ab115f285c332e14b3d423d255a
SHA1: 98e2eefcf524f757188f172642ecf5e2c7421947
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.apache.httpcomponents:httpcore:4.3.1   Confidence:HIGH

httpmime-4.3.2.jar

Description:  HttpComponents HttpClient - MIME coded entities

File Path: C:\Users\manjushrig\.m2\repository\org\apache\httpcomponents\httpmime\4.3.2\httpmime-4.3.2.jar
MD5: 91b8eb9fb5663acaa4b7bb8f0c31a8c3
SHA1: 3202421d9425ced69919b282afa644e7ef0e8fef
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.apache.httpcomponents:httpmime:4.3.2   Confidence:HIGH

bcpkix-jdk15on-1.48.jar

Description: The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 1.7. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.

License:

Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: C:\Users\manjushrig\.m2\repository\org\bouncycastle\bcpkix-jdk15on\1.48\bcpkix-jdk15on-1.48.jar
MD5: f8fc0496846f567ec951ac0a0e25ed00
SHA1: 28b7614b908a47844bb27e3c94b45b6893656265
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.bouncycastle:bcpkix-jdk15on:1.48   Confidence:HIGH

bcprov-jdk15on-1.48.jar

Description: The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.7.

License:

Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: C:\Users\manjushrig\.m2\repository\org\bouncycastle\bcprov-jdk15on\1.48\bcprov-jdk15on-1.48.jar
MD5: c08b58e03da7d469b0e7df6f4dd99712
SHA1: 960dea7c9181ba0b17e8bab0c06a43f0a5f04e65
Referenced In Project: EmployeeManagementSystem

Identifiers

  • cpe: cpe:/a:bouncycastle:bouncy-castle-crypto-package:1.48   Confidence:LOW   
  • cpe: cpe:/a:bouncycastle:bouncy_castle_crypto_package:1.48   Confidence:LOW   
  • maven: org.bouncycastle:bcprov-jdk15on:1.48   Confidence:HIGH

CVE-2015-7940  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

The Bouncy Castle Java library before 1.51 does not validate a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."

Vulnerable Software & Versions:

jetty-io-8.1.14.v20131031.jar

Description: Administrative parent pom for Jetty modules

License:

http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: C:\Users\manjushrig\.m2\repository\org\eclipse\jetty\jetty-io\8.1.14.v20131031\jetty-io-8.1.14.v20131031.jar
MD5: e62180200f8e3cf6be6aebc4b5988723
SHA1: 12f6f92d7e58349501f2cfc0716b8f1c6a2962eb
Referenced In Project: EmployeeManagementSystem

Identifiers

  • cpe: cpe:/a:eclipse:jetty:8.1.14.v20131031   Confidence:LOW   
  • cpe: cpe:/a:jetty:jetty:8.1.14.v20131031   Confidence:LOW   
  • maven: org.eclipse.jetty:jetty-io:8.1.14.v20131031   Confidence:HIGH

CVE-2017-9735  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

Vulnerable Software & Versions:

hibernate-commons-annotations-4.0.1.Final.jar

Description: Common reflection code used in support of annotation processing

License:

GNU LESSER GENERAL PUBLIC LICENSE: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: C:\Users\manjushrig\.m2\repository\org\hibernate\common\hibernate-commons-annotations\4.0.1.Final\hibernate-commons-annotations-4.0.1.Final.jar
MD5: 2f183e60ad3d10e654bc3c276445033a
SHA1: 78bcf608d997d0529be2f4f781fdc89e801c9e88
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.hibernate.common:hibernate-commons-annotations:4.0.1.Final   Confidence:HIGH

hibernate-core-4.1.7.Final.jar

Description: A module of the Hibernate Core project

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: C:\Users\manjushrig\.m2\repository\org\hibernate\hibernate-core\4.1.7.Final\hibernate-core-4.1.7.Final.jar
MD5: ffa7d5a90c9e233a728d494d02e77d41
SHA1: 5a43c3fec4b8a9b3d97d76606377a7ccca967778
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.hibernate:hibernate-core:4.1.7.Final   Confidence:HIGH

hibernate-entitymanager-4.1.7.Final.jar

Description: A module of the Hibernate Core project

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: C:\Users\manjushrig\.m2\repository\org\hibernate\hibernate-entitymanager\4.1.7.Final\hibernate-entitymanager-4.1.7.Final.jar
MD5: 86859c93805c80aac400bd87afcc4e54
SHA1: 4378f4f459afbebffbe8bf7e4524d76045e4f5d6
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.hibernate:hibernate-entitymanager:4.1.7.Final   Confidence:HIGH

hibernate-jpa-2.0-api-1.0.1.Final.jar

Description:  Hibernate definition of the Java Persistence 2.0 (JSR 317) API.

License:

license.txt
File Path: C:\Users\manjushrig\.m2\repository\org\hibernate\javax\persistence\hibernate-jpa-2.0-api\1.0.1.Final\hibernate-jpa-2.0-api-1.0.1.Final.jar
MD5: d7e7d8f60fc44a127ba702d43e71abec
SHA1: 3306a165afa81938fc3d8a0948e891de9f6b192b
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.hibernate.javax.persistence:hibernate-jpa-2.0-api:1.0.1.Final   Confidence:HIGH

javassist-3.15.0-GA.jar

Description: Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.

License:

MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/
File Path: C:\Users\manjushrig\.m2\repository\org\javassist\javassist\3.15.0-GA\javassist-3.15.0-GA.jar
MD5: 2fcae06eedcddd3e5b0fe32416f99c1c
SHA1: 79907309ca4bb4e5e51d4086cc4179b2611358d7
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.javassist:javassist:3.15.0-GA   Confidence:HIGH

jboss-logging-3.1.0.GA.jar

Description: The JBoss Logging Framework

License:

GNU Lesser General Public License, version 2.1: http://www.gnu.org/licenses/lgpl-2.1.txt
File Path: C:\Users\manjushrig\.m2\repository\org\jboss\logging\jboss-logging\3.1.0.GA\jboss-logging-3.1.0.GA.jar
MD5: 735bcea3e47fd715900cfb95ec68b50f
SHA1: c71f2856e7b60efe485db39b37a31811e6c84365
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.jboss.logging:jboss-logging:3.1.0.GA   Confidence:HIGH

jboss-transaction-api_1.1_spec-1.0.0.Final.jar

Description: The Java Transaction 1.1 API classes

File Path: C:\Users\manjushrig\.m2\repository\org\jboss\spec\javax\transaction\jboss-transaction-api_1.1_spec\1.0.0.Final\jboss-transaction-api_1.1_spec-1.0.0.Final.jar
MD5: 1df800392c432e449d9a19ed7a8f54a8
SHA1: 2ab6236535e085d86f37fd97ddfdd35c88c1a419
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.jboss.spec.javax.transaction:jboss-transaction-api_1.1_spec:1.0.0.Final   Confidence:HIGH

json-20080701.jar

Description:  JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language.

License:

provided without support or warranty: http://www.json.org/license.html
File Path: C:\Users\manjushrig\.m2\repository\org\json\json\20080701\json-20080701.jar
MD5: 4f4b10580231c86bc91a5f81e4200a70
SHA1: d652f102185530c93b66158b1859f35d45687258
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.json:json:20080701   Confidence:HIGH

servlet-api-2.5-6.1.9.jar

Description: Servlet Specification 2.5 API

License:

CDDL 1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: C:\Users\manjushrig\.m2\repository\org\mortbay\jetty\servlet-api-2.5\6.1.9\servlet-api-2.5-6.1.9.jar
MD5: dad2570120128ac0938512318211b8dd
SHA1: 96425fc6a410817cd4c27e65a240cb8328eee9ad
Referenced In Project: EmployeeManagementSystem

Identifiers

  • cpe: cpe:/a:mortbay_jetty:jetty:6.1.9   Confidence:LOW   
  • maven: org.mortbay.jetty:servlet-api-2.5:6.1.9   Confidence:HIGH

jetty-repacked-7.6.1.jar

File Path: C:\Users\manjushrig\.m2\repository\org\seleniumhq\selenium\jetty-repacked\7.6.1\jetty-repacked-7.6.1.jar
MD5: 347692e3881d4c5fd09a6b35a307ad58
SHA1: 3937008b2f7c124f52f7734eba4f6efc148799c6
Referenced In Project: EmployeeManagementSystem

Identifiers

  • cpe: cpe:/a:jetty:jetty:7.6.1   Confidence:LOW   

jetty-repacked-7.6.1.jar\META-INF/maven/org.eclipse.jetty/jetty-io/pom.xml

File Path: C:\Users\manjushrig\.m2\repository\org\seleniumhq\selenium\jetty-repacked\7.6.1\jetty-repacked-7.6.1.jar\META-INF/maven/org.eclipse.jetty/jetty-io/pom.xml
MD5: 001a7f511ffb16873ea05be06bfcb1d9
SHA1: f3d8b5aa622cc3b68975088e33074b1dc4dd892f

Identifiers

  • cpe: cpe:/a:eclipse:jetty:7.6.1.v20120215   Confidence:LOW   
  • cpe: cpe:/a:jetty:jetty:7.6.1.v20120215   Confidence:LOW   
  • maven: org.eclipse.jetty:jetty-io:7.6.1.v20120215   Confidence:HIGH

CVE-2017-9735  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

Vulnerable Software & Versions:

selenium-api-2.42.2.jar

File Path: C:\Users\manjushrig\.m2\repository\org\seleniumhq\selenium\selenium-api\2.42.2\selenium-api-2.42.2.jar
MD5: e0103ff44b1b29596f92ff1b4559b0cb
SHA1: 4aa197c299747cb0e8f36297f56c4ce76ecc4f80
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.seleniumhq.selenium:selenium-api:2.42.2   Confidence:HIGH

selenium-chrome-driver-2.42.2.jar

File Path: C:\Users\manjushrig\.m2\repository\org\seleniumhq\selenium\selenium-chrome-driver\2.42.2\selenium-chrome-driver-2.42.2.jar
MD5: 40897b2723fa8d267383b10c686b0ded
SHA1: c36ab01e47eea449942aea7f86e325ca37896be9
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.seleniumhq.selenium:selenium-chrome-driver:2.42.2   Confidence:HIGH

selenium-firefox-driver-2.42.2.jar

File Path: C:\Users\manjushrig\.m2\repository\org\seleniumhq\selenium\selenium-firefox-driver\2.42.2\selenium-firefox-driver-2.42.2.jar
MD5: 69beac121d62a1932f3351a70c93d0b3
SHA1: ea341c7a3b1e23b20656a76ab962ebf5fd0c02c3
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.seleniumhq.selenium:selenium-firefox-driver:2.42.2   Confidence:HIGH

selenium-htmlunit-driver-2.42.2.jar

File Path: C:\Users\manjushrig\.m2\repository\org\seleniumhq\selenium\selenium-htmlunit-driver\2.42.2\selenium-htmlunit-driver-2.42.2.jar
MD5: f6f6c5f0800356efab3e361c351f9167
SHA1: 01e2c89b6edd0250cea19432c652222eb8a732a6
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.seleniumhq.selenium:selenium-htmlunit-driver:2.42.2   Confidence:HIGH

selenium-ie-driver-2.42.2.jar

File Path: C:\Users\manjushrig\.m2\repository\org\seleniumhq\selenium\selenium-ie-driver\2.42.2\selenium-ie-driver-2.42.2.jar
MD5: 14e4e7b6f779e4eea612334b86b5462d
SHA1: c9c16383fcd66cdf0a38d63b93c9cea808eaf9f7
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.seleniumhq.selenium:selenium-ie-driver:2.42.2   Confidence:HIGH

selenium-java-2.42.2.jar

File Path: C:\Users\manjushrig\.m2\repository\org\seleniumhq\selenium\selenium-java\2.42.2\selenium-java-2.42.2.jar
MD5: c38f61afa7a3f67056fd48cff3af0632
SHA1: 1d56722a74a495c7e588508b84b91a76cd40f362
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.seleniumhq.selenium:selenium-java:2.42.2   Confidence:HIGH

selenium-remote-driver-2.42.2.jar

File Path: C:\Users\manjushrig\.m2\repository\org\seleniumhq\selenium\selenium-remote-driver\2.42.2\selenium-remote-driver-2.42.2.jar
MD5: c13607c8242adb5ae15d97268fe6ce94
SHA1: 230a6905f2cee5ca5fc2ab31bd342e757bccad2d
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.seleniumhq.selenium:selenium-remote-driver:2.42.2   Confidence:HIGH

selenium-safari-driver-2.42.2.jar

File Path: C:\Users\manjushrig\.m2\repository\org\seleniumhq\selenium\selenium-safari-driver\2.42.2\selenium-safari-driver-2.42.2.jar
MD5: d3436d8c81900ba0630eafb12357702e
SHA1: 10dc2d7cdeeac36c9f037789ef57db35777c540c
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.seleniumhq.selenium:selenium-safari-driver:2.42.2   Confidence:HIGH

selenium-server-2.42.2.jar

File Path: C:\Users\manjushrig\.m2\repository\org\seleniumhq\selenium\selenium-server\2.42.2\selenium-server-2.42.2.jar
MD5: e687702111f98daa0000bc30f1fa7d96
SHA1: 932bd06f79faac2f87d58547e090f160a1e8969f
Referenced In Project: EmployeeManagementSystem

Identifiers

  • cpe: cpe:/a:jetty:jetty:2.42.2   Confidence:LOW   
  • maven: org.seleniumhq.selenium:selenium-server:2.42.2   Confidence:HIGH

selenium-server-2.42.2.jar: readystate.jar

File Path: C:\Users\manjushrig\.m2\repository\org\seleniumhq\selenium\selenium-server\2.42.2\selenium-server-2.42.2.jar\customProfileDirCUSTFF\extensions\readystate@openqa.org\chrome\readystate.jar
MD5: 0bcafd7a486e7b6fc723da851db19a7b
SHA1: 63a6bdeee413d62ad8db3473797475243e99ec8e

Identifiers

  • None

selenium-server-2.42.2.jar: hudsuckr.exe

File Path: C:\Users\manjushrig\.m2\repository\org\seleniumhq\selenium\selenium-server\2.42.2\selenium-server-2.42.2.jar\hudsuckr\hudsuckr.exe
MD5: 2a9cca56785eab06a70e5d35523bcec9
SHA1: 89c44639f3bd4b4c7ee05286bb1748c9ae68eab1

Identifiers

  • None

selenium-support-2.42.2.jar

File Path: C:\Users\manjushrig\.m2\repository\org\seleniumhq\selenium\selenium-support\2.42.2\selenium-support-2.42.2.jar
MD5: eb831d38cb846ee3d57ee8b90aab1f94
SHA1: 77ea1515455e3c259188b29eec7775262bee2ba5
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.seleniumhq.selenium:selenium-support:2.42.2   Confidence:HIGH

jcl-over-slf4j-1.7.5.jar

Description: JCL 1.1.1 implemented over SLF4J

File Path: C:\Users\manjushrig\.m2\repository\org\slf4j\jcl-over-slf4j\1.7.5\jcl-over-slf4j-1.7.5.jar
MD5: 4dde0990b45d1bbba6ee141da8fa9c25
SHA1: 0cd5970bd13fa85f7bed41ca606d6daf7cbf1365
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.slf4j:jcl-over-slf4j:1.7.5   Confidence:HIGH

slf4j-api-1.7.5.jar

Description: The slf4j API

File Path: C:\Users\manjushrig\.m2\repository\org\slf4j\slf4j-api\1.7.5\slf4j-api-1.7.5.jar
MD5: 3b1ececad9ebc3fbad2953ccf4a070ca
SHA1: 6b262da268f8ad9eff941b25503a9198f0a0ac93
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.slf4j:slf4j-api:1.7.5   Confidence:HIGH

slf4j-log4j12-1.7.5.jar

Description: SLF4J LOG4J-12 Binding

File Path: C:\Users\manjushrig\.m2\repository\org\slf4j\slf4j-log4j12\1.7.5\slf4j-log4j12-1.7.5.jar
MD5: 371e35747d6bd35e3800034bdac4150e
SHA1: 6edffc576ce104ec769d954618764f39f0f0f10d
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.slf4j:slf4j-log4j12:1.7.5   Confidence:HIGH

spring-aop-4.0.6.RELEASE.jar

Description: Spring AOP

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\org\springframework\spring-aop\4.0.6.RELEASE\spring-aop-4.0.6.RELEASE.jar
MD5: 6bb9fae0089d025a732eb6499398c4f1
SHA1: e377760b7692569535573ba9f6e80b4b74869369
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.springframework:spring-aop:4.0.6.RELEASE   Confidence:HIGH

spring-beans-4.0.6.RELEASE.jar

Description: Spring Beans

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\org\springframework\spring-beans\4.0.6.RELEASE\spring-beans-4.0.6.RELEASE.jar
MD5: c8d62de715a3a30f9a44d54f5f19ccdb
SHA1: 587879b58acebeb5b0a63c01e822f9b44d9a4c77
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.springframework:spring-beans:4.0.6.RELEASE   Confidence:HIGH

spring-context-4.0.6.RELEASE.jar

Description: Spring Context

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\org\springframework\spring-context\4.0.6.RELEASE\spring-context-4.0.6.RELEASE.jar
MD5: 92402da499bea47d789e43d504548e9d
SHA1: 3bb3a52edabf9ffe73aa534fb085c816bac28b4d
Referenced In Project: EmployeeManagementSystem

Identifiers

  • cpe: cpe:/a:context_project:context:4.0.6   Confidence:LOW   
  • maven: org.springframework:spring-context:4.0.6.RELEASE   Confidence:HIGH

spring-core-4.0.6.RELEASE.jar

Description: Spring Core

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\org\springframework\spring-core\4.0.6.RELEASE\spring-core-4.0.6.RELEASE.jar
MD5: 94668e0e7a520869d46b8739351693ea
SHA1: d880beac77d42c5798aa2b632ddd0e4ae47c79ad
Referenced In Project: EmployeeManagementSystem

Identifiers

  • cpe: cpe:/a:pivotal:spring_framework:4.0.6   Confidence:LOW   
  • cpe: cpe:/a:springsource:spring_framework:4.0.6   Confidence:LOW   
  • cpe: cpe:/a:vmware:springsource_spring_framework:4.0.6   Confidence:LOW   
  • maven: org.springframework:spring-core:4.0.6.RELEASE   Confidence:HIGH

spring-expression-4.0.6.RELEASE.jar

Description: Spring Expression Language (SpEL)

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\org\springframework\spring-expression\4.0.6.RELEASE\spring-expression-4.0.6.RELEASE.jar
MD5: d26b98f522197197d54c0f1589c97a4f
SHA1: 5f0a135b8cf290aa244097dc6264ad0989d25c56
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.springframework:spring-expression:4.0.6.RELEASE   Confidence:HIGH

spring-jdbc-4.0.6.RELEASE.jar

Description: Spring JDBC

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\org\springframework\spring-jdbc\4.0.6.RELEASE\spring-jdbc-4.0.6.RELEASE.jar
MD5: bc33d47e1d9a2544a419ea91ad38c4f3
SHA1: 28fa5e60c3d68132d83d9c1e7d9fccebb83c9104
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.springframework:spring-jdbc:4.0.6.RELEASE   Confidence:HIGH

spring-orm-4.0.6.RELEASE.jar

Description: Spring Object/Relational Mapping

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\org\springframework\spring-orm\4.0.6.RELEASE\spring-orm-4.0.6.RELEASE.jar
MD5: 4564121b40b35417833b87d66907b1b6
SHA1: e13077d6527b7e0c1c04293c1d1696436d053a61
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.springframework:spring-orm:4.0.6.RELEASE   Confidence:HIGH

spring-tx-4.0.6.RELEASE.jar

Description: Spring Transaction

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\org\springframework\spring-tx\4.0.6.RELEASE\spring-tx-4.0.6.RELEASE.jar
MD5: 8bb69385ab6dcb2d52ed22de51fb20a1
SHA1: 6b4ed868e07d58f2cf15bcd7958acd86fd4f3da4
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.springframework:spring-tx:4.0.6.RELEASE   Confidence:HIGH

spring-web-4.0.6.RELEASE.jar

Description: Spring Web

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\org\springframework\spring-web\4.0.6.RELEASE\spring-web-4.0.6.RELEASE.jar
MD5: 13ef071552b950110b2e2a93a89d00d0
SHA1: 085ef4b91fcdd86d81e4a9b3e5f006dcb4128e6d
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.springframework:spring-web:4.0.6.RELEASE   Confidence:HIGH

spring-webmvc-4.0.6.RELEASE.jar

Description: Spring Web MVC

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\org\springframework\spring-webmvc\4.0.6.RELEASE\spring-webmvc-4.0.6.RELEASE.jar
MD5: ca9cbd4c53905f7331219758b68b61d1
SHA1: 9020a09a96058133c822ff04f00e7fa0e0c3b82b
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.springframework:spring-webmvc:4.0.6.RELEASE   Confidence:HIGH

sac-1.3.jar

Description: SAC is a standard interface for CSS parsers.

License:

The W3C Software License: http://www.w3.org/Consortium/Legal/copyright-software-19980720
File Path: C:\Users\manjushrig\.m2\repository\org\w3c\css\sac\1.3\sac-1.3.jar
MD5: eb04fa63fc70c722f2b8ec156166343b
SHA1: cdb2dcb4e22b83d6b32b93095f644c3462739e82
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.w3c.css:sac:1.3   Confidence:HIGH

webbit-0.4.14.jar

Description: A Java event based WebSocket and HTTP server

License:

BSD License: http://www.opensource.org/licenses/bsd-license
File Path: C:\Users\manjushrig\.m2\repository\org\webbitserver\webbit\0.4.14\webbit-0.4.14.jar
MD5: 2557525150b95159e58c88f5e06e1a0a
SHA1: 3bf3f17fe41fb34c4d98663957ec0795a6b6653e
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.webbitserver:webbit:0.4.14   Confidence:HIGH

snakeyaml-1.8.jar

Description: YAML 1.1 parser and emitter for Java

License:

Apache License Version 2.0: LICENSE.txt
File Path: C:\Users\manjushrig\.m2\repository\org\yaml\snakeyaml\1.8\snakeyaml-1.8.jar
MD5: 59099d0b410dc146e7e76375ad260dcd
SHA1: acfe93f81278f58f62e035f8ca2ca6abb0a5cb8e
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: org.yaml:snakeyaml:1.8   Confidence:HIGH

serializer-2.7.1.jar

Description:  Serializer to write out XML, HTML etc. as a stream of characters from an input DOM or from input SAX events.

File Path: C:\Users\manjushrig\.m2\repository\xalan\serializer\2.7.1\serializer-2.7.1.jar
MD5: a6b64dfe58229bdd810263fa0cc54cff
SHA1: 4b4b18df434451249bb65a63f2fb69e215a6a020
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: xalan:serializer:2.7.1   Confidence:HIGH

xalan-2.7.1.jar

Description: Xalan-Java is an XSLT processor for transforming XML documents into HTML, text, or other XML document types. It implements XSL Transformations (XSLT) Version 1.0 and XML Path Language (XPath) Version 1.0 and can be used from the command line, in an applet or a servlet, or as a module in another program.

File Path: C:\Users\manjushrig\.m2\repository\xalan\xalan\2.7.1\xalan-2.7.1.jar
MD5: d43aad24f2c143b675292ccfef487f9c
SHA1: 75f1d83ce27bab5f29fff034fc74aa9f7266f22a
Referenced In Project: EmployeeManagementSystem

Identifiers

CVE-2014-0107  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.

Vulnerable Software & Versions:

xercesImpl-2.11.0.jar

Description:  Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program. The Apache Xerces2 parser is the reference implementation of XNI but other parser components, configurations, and parsers can be written using the Xerces Native Interface. For complete design and implementation documents, refer to the XNI Manual. Xerces2 is a fully conforming XML Schema 1.0 processor. A partial experimental implementation of the XML Schema 1.1 Structures and Datatypes Working Drafts (December 2009) and an experimental implementation of the XML Schema Definition Language (XSD): Component Designators (SCD) Candidate Recommendation (January 2010) are provided for evaluation. For more information, refer to the XML Schema page. Xerces2 also provides a complete implementation of the Document Object Model Level 3 Core and Load/Save W3C Recommendations and provides a complete implementation of the XML Inclusions (XInclude) W3C Recommendation. It also provides support for OASIS XML Catalogs v1.1. Xerces2 is able to parse documents written according to the XML 1.1 Recommendation, except that it does not yet provide an option to enable normalization checking as described in section 2.13 of this specification. It also handles namespaces according to the XML Namespaces 1.1 Recommendation, and will correctly serialize XML 1.1 documents if the DOM level 3 load/save APIs are in use.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\xerces\xercesImpl\2.11.0\xercesImpl-2.11.0.jar
MD5: 43584adc1f895628055bad0aa98a1007
SHA1: 9bb329db1cfc4e22462c9d6b43a8432f5850e92c
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: xerces:xercesImpl:2.11.0   Confidence:HIGH

xml-apis-1.4.01.jar

Description: xml-commons provides an Apache-hosted set of DOM, SAX, and JAXP interfaces for use in other xml-based projects. Our hope is that we can standardize on both a common version and packaging scheme for these critical XML standards interfaces to make the lives of both our developers and users easier. The External Components portion of xml-commons contains interfaces that are defined by external standards organizations. For DOM, that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for JAXP it's Sun.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
The SAX License: http://www.saxproject.org/copying.html
The W3C License: http://www.w3.org/TR/2004/REC-DOM-Level-3-Core-20040407/java-binding.zip
File Path: C:\Users\manjushrig\.m2\repository\xml-apis\xml-apis\1.4.01\xml-apis-1.4.01.jar
MD5: 7eaad6fea5925cca6c36ee8b3e02ac9d
SHA1: 3789d9fada2d3d458c4ba2de349d48780f381ee3
Referenced In Project: EmployeeManagementSystem

Identifiers

  • maven: xml-apis:xml-apis:1.4.01   Confidence:HIGH


This report contains data retrieved from the National Vulnerability Database.